How to do it...

We chose ZAP for this exercise as it can monitor, intercept, and repeat WebSockets messages. Burp Suite can monitor WebSockets communication; however, it doesn't have the ability to intercept, modify, and replay messages:

  1. Configure your browser to use ZAP as a proxy, and in ZAP, enable the WebSockets tab by clicking on the plus icon in the bottom panel.
  2. Now, in the browser, go to http://dvws.local/DVWS/ and select Stored XSS from the menu.

  3. Enter some comments and switch to ZAP. In the History tab, look for a request ...
